/policies/,/policies/administrative/,/policies/administrative/uwmf/,/policies/administrative/uwmf/uwmf-wide/,/policies/administrative/uwmf/uwmf-wide/information-services/,

/policies/administrative/uwmf/uwmf-wide/information-services/in-pol-005.policy

20160374

page

100

UWHC,UWMF,

Policies,Administrative,UWMF,UWMF-wide,Information Services

Systemwide Malware and Antivirus (IN-POL-005)

Systemwide Malware and Antivirus (IN-POL-005) - Policies, Administrative, UWMF, UWMF-wide, Information Services

IN-POL-005


Administrative Departmental Policy
This department-specific policy applies to the operations and staff of the Information Services
Department of the University of Wisconsin Hospitals and Clinics Authority as integrated effective July 1,
2015.

Policy Title: Systemwide Malware and Antivirus
Policy Number: IN-POL-005
Effective Date: 02/26/16
Chapter: NA
Version: Revision
I. PURPOSE

This policy defines the processes for updating and maintaining antivirus software on UW Health
workstations and servers, critical to protecting the security of PHI and UW Health business
information.


II. DEFINITIONS (optional)

Antivirus definition files: Files that allow antivirus software to recognize viruses.

Central antivirus server: A system that controls the settings of antivirus software on multiple
devices. This includes deployment of new definition files and settings for real-time and scheduled
scans.


III. POLICY ELEMENTS

UW Health Information Services (IS) provides antivirus protection to all servers and workstations
on the UW Health domain on a continuous, scheduled basis. Virus definition files are updated by
the vendor. Service packs or maintenance releases are performed as needed to address security
vulnerabilities. A monthly audit is performed by Network Services to verify the virus scanning
system is up to date on all systems.

Appropriate workstation security procedures must be observed to:
• Assure the security of PHI and other confidential information.
• Maintain workstations in good working order.
• Protect computing systems from external intrusion or malicious software.

Any use that conflicts with these goals is explicitly prohibited. Users may not attempt to
circumvent or disable any security protections of a workstation or server.


IV. PROCEDURE


The following procedures support this policy:

Systemwide Malware and Antivirus Procedure (IN-PRO-005)


V. FORMS (optional)

NA


VI. REFERENCES (optional)

NA


VII. COORDINATION

Sr. Management Sponsor: UW Health IS CTO
Author: UW Health IS Director - Systems Security
Reviewer(s): UW Health IS Directors

Approval Committee: UWHC Internal Auditor

SIGNED BY:
UW Health CIO

Revision Detail:

Effective Date Next Review Summary of Changes Change Authors
02/26/2016 TBD/2017 Annual review/revision. E. Gerke, C. Frank, E. Bakkum
6/20/2014 6/20/2015 Original release.
E. Gerke, D. Jaworski, S. Schroeder, J.
Leonard